In its recent research, Palo Alto Networks detected a significant increase in Android malware posing as the popular AI Chatbot, ChatGPT. The malware came out after the launch of OpenAI’s GPT-3.5 and GPT-4 and started targeting users who have expressed interest in using the ChatGPT tool.
The malicious software includes a deceptive Meterpreter Trojan which disguises itself as two different applications: “SuperGPT” and “ChatGPT”. These applications covertly send text messages to premium-rate numbers, resulting in financial charges for unsuspecting victims. The funds from these charges are then, collected by threat actors.
In addition, Android users also have the opportunity to download applications from other sources other than the Google Play store, increasing the risk of getting unverified apps.
During the investigation of Palo Alto Networks regarding the issue, several findings came to light. Firstly, once the Trojan successfully exploits a device, it allows unauthorized remote access. Additionally, the malware samples identified in the investigation utilize a digital code-signing certificate associated with an attacker known as “Hax4Us”, indicating a consistent pattern across multiple instances of malware. Lastly, a cluster of malware samples, posing as ChatGPT-related apps, carry out a scheme by sending SMS messages to premium-rate numbers in Thailand. These messages incur charges for the victims, enabling scams and fraudulent activities.
With that, these findings emphasize the need for caution and awareness, particularly when engaging with Android devices and downloading applications from unverified sources.
To know more about Palo Alto Networks, you may visit their official website.